package com.example.security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/user/")
public class UserController {
    @GetMapping("/public/hello")
    public String hello(){
        return "public";
    }
    /*
    PreAuthorize:
    1.指定拥有 sys:private:view 权限才能访问该方法
    2.先认证【输入用户名和密码】，再授权【拥有哪些权限】
     */
    @PreAuthorize("hasAnyAuthority('sys:private:view')")
    @GetMapping("/private/hello")
    public String privateHello(){
        return "private";
    }
}
